[PATCH v2 net 06/15] af_unix: Annotate data-race of sk->sk_state in unix_accept().

[PATCH v2 net 00/15] af_unix: Fix lockless access of sk->sk_state and others fields. · Kuniyuki Iwashima <hidden> · 2024-06-04
[PATCH v2 net 01/15] af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted peer. · Kuniyuki Iwashima <hidden> · 2024-06-04
Re: [PATCH v2 net 01/15] af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted peer. · Michal Luczaj <hidden> · 2024-06-09
Re: [PATCH v2 net 01/15] af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted peer. · Kuniyuki Iwashima <hidden> · 2024-06-09
Re: [PATCH v2 net 01/15] af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted peer. · Kuniyuki Iwashima <hidden> · 2024-06-09
Re: [PATCH v2 net 01/15] af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted peer. · Michal Luczaj <hidden> · 2024-06-10
Re: [PATCH v2 net 01/15] af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted peer. · Kuniyuki Iwashima <hidden> · 2024-06-10
Re: [PATCH v2 net 01/15] af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted peer. · Michal Luczaj <hidden> · 2024-06-16
Re: [PATCH v2 net 01/15] af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted peer. · Kuniyuki Iwashima <hidden> · 2024-06-17
Re: [PATCH v2 net 01/15] af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted peer. · Michal Luczaj <hidden> · 2024-06-19
Re: [PATCH v2 net 01/15] af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted peer. · Kuniyuki Iwashima <hidden> · 2024-06-19
Re: [PATCH v2 net 01/15] af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted peer. · Michal Luczaj <hidden> · 2024-06-20
Re: [PATCH v2 net 01/15] af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted peer. · Kuniyuki Iwashima <hidden> · 2024-06-20
Re: [PATCH v2 net 01/15] af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted peer. · Michal Luczaj <hidden> · 2024-06-22
Re: [PATCH v2 net 01/15] af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted peer. · Kuniyuki Iwashima <hidden> · 2024-06-23
Re: [PATCH v2 net 01/15] af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted peer. · Michal Luczaj <hidden> · 2024-06-26
Re: [PATCH v2 net 01/15] af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted peer. · Kuniyuki Iwashima <hidden> · 2024-06-26
[PATCH v2 net 02/15] af_unix: Annodate data-races around sk->sk_state for writers. · Kuniyuki Iwashima <hidden> · 2024-06-04
[PATCH v2 net 03/15] af_unix: Annotate data-race of sk->sk_state in unix_inq_len(). · Kuniyuki Iwashima <hidden> · 2024-06-04
[PATCH v2 net 04/15] af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll(). · Kuniyuki Iwashima <hidden> · 2024-06-04
[PATCH v2 net 05/15] af_unix: Annotate data-race of sk->sk_state in unix_stream_connect(). · Kuniyuki Iwashima <hidden> · 2024-06-04
[PATCH v2 net 06/15] af_unix: Annotate data-race of sk->sk_state in unix_accept(). · Kuniyuki Iwashima <hidden> · 2024-06-04
[PATCH v2 net 07/15] af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg(). · Kuniyuki Iwashima <hidden> · 2024-06-04
[PATCH v2 net 08/15] af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb(). · Kuniyuki Iwashima <hidden> · 2024-06-04
[PATCH v2 net 09/15] af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG. · Kuniyuki Iwashima <hidden> · 2024-06-04
[PATCH v2 net 10/15] af_unix: Annotate data-races around sk->sk_sndbuf. · Kuniyuki Iwashima <hidden> · 2024-06-04
[PATCH v2 net 11/15] af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen. · Kuniyuki Iwashima <hidden> · 2024-06-04
[PATCH v2 net 12/15] af_unix: Use unix_recvq_full_lockless() in unix_stream_connect(). · Kuniyuki Iwashima <hidden> · 2024-06-04
[PATCH v2 net 13/15] af_unix: Use skb_queue_empty_lockless() in unix_release_sock(). · Kuniyuki Iwashima <hidden> · 2024-06-04
[PATCH v2 net 14/15] af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen(). · Kuniyuki Iwashima <hidden> · 2024-06-04
[PATCH v2 net 15/15] af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill(). · Kuniyuki Iwashima <hidden> · 2024-06-04
Re: [PATCH v2 net 00/15] af_unix: Fix lockless access of sk->sk_state and others fields. · patchwork-bot+netdevbpf@kernel.org · 2024-06-06

STALE713d

Revisions (2)

2024-06-03 v1 [diff vs current]
2024-06-04 v2 current

From: Kuniyuki Iwashima <hidden>
Date: 2024-06-04 16:55:21
Subsystem: networking [general], networking [unix sockets], the rest · Maintainers: "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Kuniyuki Iwashima, Linus Torvalds

Once sk->sk_state is changed to TCP_LISTEN, it never changes.

unix_accept() takes the advantage and reads sk->sk_state without
holding unix_state_lock().

Let's use READ_ONCE() there.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Kuniyuki Iwashima <redacted>
---
 net/unix/af_unix.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 84552826530d..4763c26ae480 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c

@@ -1710,7 +1710,7 @@ static int unix_accept(struct socket *sock, struct socket *newsock,
 		goto out;
 
 	arg->err = -EINVAL;
-	if (sk->sk_state != TCP_LISTEN)
+	if (READ_ONCE(sk->sk_state) != TCP_LISTEN)
 		goto out;
 
 	/* If socket state is TCP_LISTEN it cannot change (for now...),

-- 
2.30.2

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help